Rules, smules...they don't seem to apply to Hillary Clinton. The Washington Post has an excellent piece about the Clinton email scandal.For “personal comfort” reasons, she wanted to use her personal unencrypted BlackBerry for all her email, despite warnings that it could be vulnerable. She even took it overseas, although she supposedly said she “gets it” being a security risk. Don’t be silly and expect her to use a PC; oh no, she was seemingly a CrackBerry fanboy. She also didn’t bother to tell officials that her BlackBerry was tied to her infamous private email server. That server was supposedly also for her comfort – for her “convenience.”To read this article in full or to leave a comment, please click here
Well it’s springtime and if you are the type to embrace nature and hang out near freshwater, then you may see dragonflies. The next time you see one, consider that its robotic counterpart has finally been granted a patent.Wait, haven’t you seen dragonfly-like MAVs for years now? Probably. Georgia Tech Research Corporation filed the patent in 2012. At any rate, the patent says that in order for DARPA to consider an aerial vehicle as a MAV, it must be “smaller than 6 inches in any direction or must not have a gross takeoff weight greater than 100 grams” (about .22 pounds or roughly the same weight as 100 Skittles.)To read this article in full or to leave a comment, please click here
So NAND mirroring doesn’t work to crack into Syed Farook's work iPhone and grab the contents, huh? Tell that to the security researcher’s proof-of-concept demonstration.iPhone forensics expert Jonathan Zdziarski previously suggested the FBI could use NAND mirroring to get information off the locked San Bernadino shooter’s iPhone; yet FBI Director James Comey claimed that making a copy of the phone’s chip to get around the passcode “doesn’t work” and the solution would be “software-based.”To read this article in full or to leave a comment, please click here
Wham, bam, bam – three more hospitals have been hit with ransomware.Kentucky hospital hit with ransomwareDavid Park, COO of Methodist Hospital in Henderson, Kentucky, told WFIE 14 News that after attackers copied patients’ files, locked those copies and deleted the originals, the hospital notified the FBI. The attack happened on Friday after the ransomware made it past the hospital’s email filter; by Monday, Methodist officials said their system was “up and running.”To read this article in full or to leave a comment, please click here
Oh the Paris terrorists must have used encryption to evade detection we’ve heard again and again since the attacks; come to find out, the attackers resorted to using burner phones.Having gotten its hands on a 55-page report prepared by French police and given to France’s Interior Ministry, The New York Times reported that disposable phones played a big part in how the Paris terrorist avoided detection. “They used only new phones that they would then discard, including several activated minutes before the attacks, or phones seized from their victims.”To read this article in full or to leave a comment, please click here
Last week WikiLeaks launched the Hillary Clinton email archive; it’s described as “a searchable archive for 30,322 emails & email attachments sent to and from Hillary Clinton's private email server while she was Secretary of State. The 50,547 pages of documents span from 30 June 2010 to 12 August 2014. 7,570 of the documents were sent by Hillary Clinton.”The Washington Examiner honed in on an email from 2012 that was forwarded to Clinton after her deputy chief of staff noted that it was a “pretty good idea.” It is supposedly proof that Google wanted to help insurgents overthrow Syrian President Bashar Assad. It seems like the State Department, Google and Al Jazeera were all in cahoots.To read this article in full or to leave a comment, please click here
Sunshine Week 2016 may be over, but the public’s right to access public government information in order to make the government accountable never ends.Before Barack Obama was president, he repeatedly promised many things that never came to fruition such as to provide the “most transparent” administration in history.
But the truth is that the Obama administration has set an all-time new record for failure to provide documents via FOIA requests. The Associated Press analyzed FOIA requests sent to 100 federal government agencies in 2015 – the final figures to be released during Obama’s administration.To read this article in full or to leave a comment, please click here
A new Kaspersky Lab report (pdf) by security researchers Santiago Pontiroli and Bart P looks at the big business of Steam Stealers that “have turned the threat landscape for the entertainment ecosystem into a devil’s playground.”Wannabe cyber crooks might turn to malware which steals Steam credentials because it’s incredibly cheap. The report said $3 will buy usage rights for a Steam platform credential stealer and $7 adds source code and a user manual. Researchers said comparative malicious campaigns usually start at the $500 range. There are Steam Stealers which cost more, but “it would be hard to find any stealer being sold for more than $30.”To read this article in full or to leave a comment, please click here
So what do Chinese government-supported hackers turn to after China backed off on supporting economic espionage? Applying their APT skills to infecting companies with ransomware…at least that is the prevailing theory put forth by several security firms.If China really did pull its previous level of support for economic espionage after its agreement with the US late last year, then those same hackers may be supplementing their income by joining the booming business of ransomware.Security firms involved in investigating ransomware attacks that have not previously been made public told Reuters that Chinese hackers are the most likely suspects behind the attacks. It should be noted that none of the security companies could be positive that plain-old cybercrooks weren’t behind the attacks after upping their game, improving skills and purchasing tools previously used only by governments. At least a half dozen ransomware attacks in the last three months have a level of sophistication that is usually only used in state-sponsored attacks.To read this article in full or to leave a comment, please click here
If you feel comforted by your antivirus vendor’s boast of having a certification from Verizon, then maybe you need to rethink that. Google Project Zero security researcher Tavis Ormandy says the methodology behind Verizon’s certification is “about as ridiculous as you would expect,” but vendors follow the gimpy guideline criteria (pdf), pay the fee to be certified and users tend to view the certification as some sign of excellence to be trusted.To read this article in full or to leave a comment, please click here
In the legal arena, Microsoft is going after Comcast in order to unmask the person behind an infringing IP address which activated thousands of Microsoft product keys stolen from Microsoft’s supply chain.The Redmond giant wants the court to issue a subpoena which will force Comcast to hand over the pirating subscriber’s info. If the infringing IP address belongs to another ISP which obtained it via Comcast, then Microsoft wants that ISP’s info and the right to subpoena it as well.From 2012 to 2015, Microsoft maintains that an IP addy assigned to Comcast pinged its servers in Washington over 2,000 times during the software activation process. “Detailed information” such as the activation key and IP address activating Microsoft products is transmitted to Microsoft; it’s considered to be “voluntarily provided by users.”To read this article in full or to leave a comment, please click here
For March 2016 Patch Tuesday, Microsoft released 13 security bulletins and rated five of those as critical.Critical patches for RCE flawsMS16-023 is the cumulative patch for IE to stop remote code execution flaws and correct 13 memory corruption vulnerabilities that have not been publicly disclosed.MS16-024 is the monthly fix for Microsoft Edge; it patches 10 memory corruption flaws that could lead to remote code execution and one information disclosure bug – none of which have been publicly disclosed.To read this article in full or to leave a comment, please click here
Welcome to the club, OS X users, since you are now vulnerable to ransomware infections and popular cybercriminal extortion schemes. The Transmission BitTorrent client has the dubious honor of being chosen as the first target to deliver Mac ransomware.On Saturday, OS X Transmission users who had downloaded version 2.90 took to the forum to report “OSX.KeRanger.A” malware. On Sunday, Palo Alto Network researchers Claud Xiao and Jin Chen revealed that on March 4 they had detected the “first fully functional ransomware seen on the OS X platform.” Attackers had infected two Transmission version 2.90 installers with KeRanger.To read this article in full or to leave a comment, please click here
If you want to change the world, it might not occur to you to start by getting drunk. At least that’s how it happened for an idea that led to a tiny biological computer which will reportedly be morphed into a “living, breathing supercomputer” about the size of a book.“We’ve managed to create a very complex network in a very small area,” said McGill University’s Dan Nicolau, Chair of the Department of Bioengineering. “This started as a back of an envelope idea, after too much rum I think, with drawings of what looked like small worms exploring mazes.”To read this article in full or to leave a comment, please click here
You may have seen movies which feature some evil house that is out to get the occupants, but those usually aren’t smart homes. In real life if you use connected devices to make your home “smart,” then you might expect potential security flaws, but you don’t expect those IoT devices to act like they are possessed and to negatively control your house on their own.While you don’t want to freeze in the winter, there’s a big difference between being toasty in your home and being roasted alive. Yet some British Gas customers who have adopted Hive smart thermostats were at the mercy of the devices which sent temperatures soaring to nearly 90 degrees Fahrenheit (89.6). After the Hive thermostat, which has an app that works as the “remote control,” completely glitched out, some users took to Twitter to express their displeasure.To read this article in full or to leave a comment, please click here
After all the big breaches reported last year, Real Future's Kevin Roose wanted to see how well he would fare in a personal pen-test. Issuing such a “hack me” challenge is rarely wise as New York University Professor and PandoDaily editor Adam Penenberg found out a few years ago after asking TrustWave to hack him if it could. Roose posted a video showing “what happens when you dare expert hackers to hack you” and the resulting pwnage was not pretty.To read this article in full or to leave a comment, please click here
Another day, another flaw revealed in the Internet of insecure things. If you have a Nissan Leaf, then prepare yourself to potentially be pranked by friends, frenemies – even complete strangers on the other side of the world. All a person needs is your Vehicle Identification Number (VIN) – which happens to be visible on your Leaf for anyone who wants to see it – and for you to use the Nissan Leaf remote management app.
Security pro Troy Hunt revealed that pranksters can switch on and off your heat or AC while your car is parked as well as exploit other options available to Nissan Leaf electric car owners via the companion NissanConnect EV app. The vulnerabilities are in the mobile management APIs which allow car owners to “check the state of battery charge, start charging, check when battery charge will complete, see estimated driving range, and turn on or off climate control system.” If anyone has your VIN, and you use the app, then they too can control those options via a web browser.To read this article in full or to leave a comment, please click here
If you are “a leader in the Internet safety and security field for over 15 years” and run a company that has monitored and maintained the digital activity records of “260,000 kids in more than 50 countries around the world,” when you fail to password-protect the database for your child activity tracker firm and the database is exposed, would the reasonable response be akin to killing the messenger?MORE ON NETWORK WORLD: 6 simple tricks for protecting your passwords
The company, uKnowKids, sells parents a service to track their kid’s online activity such as social media accounts, chats, posted pictures, etc. as well as text messages via smartphone. While that may seem a bit creepy with a control-freakish vibe, Steve Woda, CEO of uKnowKids, said the company was “created after one of our family children was victimized by an online predator.” Right now it seems like Woda is steaming mad at security researcher Chris Vickery, considering a good portion of the post alerting parents to a uKnowKids breach is devoted to blistering Vickery.To read this article in full or to leave a comment, please click here
Here are a couple of news tidbit from Mobile World Congress that caught my eye.Wi-Fi hack experiment highlighted “reckless” actions by MWC attendeesIt’s likely that many people flooding into the Barcelona Airport over the weekend were headed for Mobile World Congress – a destination which should be filled with people who are smart and knowledgeable regarding mobile devices, but Avast Software called some attendees’ behavior “reckless.”To read this article in full or to leave a comment, please click here
“I’m sorry I have to come with bad news,” wrote Clement Lefebvre, head of the Linux Mint project, before announcing Linux Mint suffered an intrusion; on February 20, “hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.”It’s not all Linux Mint, ranked by DistroWatch as the most popular Linux distribution for the last year, that were affected, but only the ISO for Linux Mint 17.3 Cinnamon edition downloaded from the site on Saturday. Lefebvre noted that other ISO releases downloaded from the site on Feb. 20 as well as the Cinnamon edition ISOs downloaded via torrents or a direct HTTP link should not be affected.To read this article in full or to leave a comment, please click here
Ms. Smith